CSC 580: Cryptography and Security in Computing

More Information

There is a lot of great information about cryptography and computer security out there, both in print and on the Web. Here is a list of references that I think are particularly good or relevant for this class:

Material for "Security Overview" (week of 8/22)

Key Organizations and Standards Bodies/Sources

  • NIST (National Institute of Standards and Technology)
    US Government organization defining technology standards and other useful information
    NIST has a Computer Security Division which publishes the "800-series" of publications on Computer Security. See especially:

    • SP 800-12 - An Introduction to Computer Security: The NIST Handbook
    • SP 800-21 - Guidelines for Implementing Cryptography in the Federal Government
    • SP 800-53 Rev. 3 - Recommended Security Controls for Federal Information Systems and Organizations
    • SP 800-57 - Recommendation for Key Management
    • SP 800-61 - Computer Security Incident Handling Guide

  • FIPS (Federal Information Processing Standards)
    Run under the Information Technology Laboratory at NIST, publishes standards for how government systems must be run (including standard cryptographic algorithms such as AES, DSS, etc.)

  • IETF (Internet Engineering Task Force)
    Publishes internet standards, protocol definitions (including IP, TCP, TLS, etc.), and other documents as RFCs. Non-protocol documents of particular interest include:

    • RFC 4949 - Internet Security Glossary, Version 2
    • RFC 2340 - Expectations for Computer Security Incident Response
    • RFC 2196 - Site Security Handbook
    • RFC 2504 - Users' Security Handbook

  • ITU-T (International Telecommunication Union - Telecommunicaion Standardization Sector)
    Publishes the "X-series" recommendations, including

    • X.200 - Open Systems Interconnection (OSI) - Basic Reference Model
    • X.500 - OSI Directory
    • X.800 - OSI Security Architecture

Miscellaneous items from overview

Designing security in

Material for "Classical Encryption Techniques" (week of 8/29)

Interesting and/or unsolved ciphers

Information on classic cryptography


Advanced Encryption Standard (AES)

Security Model References

  • Ciphertext Indistinguishability article at Wikipedia - this is a little terse, and the models seem to assume a public key crypto model, but otherwise it's a reasonable reference

User Authentication

Hash Functions

  • MD5 Collision Demo has a great overview of the vulnerability of MD5 with respect its lack of strong collision resistance. This page give not just meaningless collisions, but very practical examples of different programs with the same MD5 hash value, and different Postscript files with the same MD5 hash value.
  • Wired article on X.509 certificate forgery - this was a real attack on a Certificate Authority that demonstrated how the MD5 weakness led to forged certificates.